1. Field of the Invention
The present invention relates to chips, and more particularly to protection of chips to prevent unlimited access to the same.
2. Description of the Related Art
The protection concepts of current chips are designed such that they determine only the number of authentification attempts and authentifications, respectively. In the present application, chips mean a semiconductor apparatus with integrated circuitry, while chip cards consist of the chip and a carrier, such as a plastic carrier. In a current GSM SIM card, for example, the number of potential authentification attempts is limited to three. A program in a processing unit in a GSM SIM card determines the number of authentification attempts via a counter and compares whether the count exceeds the maximum value. If this is the case, the card is locked.
FIG. 6 shows such a GSM SIM card. It comprises a clock terminal 1, a supply voltage terminal 2, a data bus terminal 6, a processing unit 16, a memory 26, a counter 11 and a non-volatile memory 36. The clock terminal 1 and the data bus terminal 6 are connected to the processing unit 16 and the memory 26. An output of the processing unit 16 is connected to the input of the counter 11, an output of the counter 11 is connected to an input of the processing unit 16. Thus, there is a bidirectional connection between the processing unit 16 and the counter 11. A further output of the counter is connected to the input of a non-volatile memory 36 and an output of the non-volatile memory 36 to an input of the counter 11. Thus, there is again a bidirectional connection between the counter 11 and the non-volatile memory 36. The processing unit 16 is suitable for performing operations. These operations can be reading out contents of the memory 26, processing these contents and the subsequent writing of contents into the memory 26. Depending on a certain instruction or certain instructions for instructing an authentification attempt, the processing unit signals the counter to increment its count by one. The counter 11 stores its current count in the non-volatile memory 36. If the supply voltage is switched off at the supply voltage terminal 2, the non-volatile memory 36 retains the last state of the counter 11. If a supply voltage is applied again to the supply voltage terminal 2, the counter 11 reads its output count from the non-volatile memory 36 before it can receive further signals from the processing unit 16. If the counter 11 reaches a certain value, such as 3, a certain access method to the chip, which means further authentification attempts via the input of a four digit identification number (PIN number), is prevented. Thus, the GSM SIM card allows no further authentification attempts this way. The chip can then only be unlocked via the input of a very long identification number, which the customer receives from the mobile radio operator when signing a contract.
However, this method does not prevent a potential attacker from performing current analysis, spike attacks and similar attacks to the chip across an unlimited time or across an unlimited number of clock cycles. By these methods, the potential attacker can obtain valuable information about the construction, the structure and content of the memory elements on the chip and thus acquire secret data. For these attacks, an authentification is not required, which is why the protection mechanism fails.
The problem with trying to prevent further attacks, which require no authentification, is that current chip testers with microcontrollers and security memories such as a smart card, have no clock, so that the operation cannot be limited in time. There is no time reference for detecting the time period within which an attacker tries to obtain information via the chip.
So far, the time coupling was only implemented in security models, typically in remote access applications, such as access authorization modules for firm means such as for secure token with a real time clock, which requires battery buffering and a quartz clock generation. Due to their thickness, these elements cannot be used in the chip cards widely spread today.